Jump to content

Authentication outside of "Allowed IP Ranges" with SAML2


Recommended Posts

Hi 

 

I just configured Passwordstate to authenticate with SAML2, and this works great from internal.

In Passwordstate I configured our internal IP ranges as "Allowed IP Ranges".  I set the option of "If the Passwordstate web site is accessed outside of one of the IP Ranges listed above, force the user to authenticate using the following method" also to SAML2 but with an other Time Out.

 

If we access Passwordstate now from a not-"Allowed IP Range", I have to authenticate using ADFS and then I have to authenticate again using the Anonymous-Default-Passwordstate Form.

If I remove all entries in "Allowed IP Ranges" it works from any IP Range with only one authentication, but then I have the default Timeout.

 

Do you now this behavoir is there a fix for this?

 

Best regards,

 

Fabian

Link to post
Share on other sites

Hi 

 

I just have some additional informations: 

When I wrote about not-"Allowed IP Range", I tested from outside of our company, over the WAP-Publishing. This WAP-Publishing made the SAML-Authentication.

Now I just tested from an internal IP Range which is not configured as "Allowed IP Range" (so I don't connect over WAP). If I do this, I directly come to the Anonymous-Default-Passwordstate Form (screenshoted in my last post). I also opend de developer-tools in my browser and I have seen, that there's no communictation to our ADFS-Server.

 

From this point, it seams, that SAML2 authentication is not working from a not-"Allowed IP Range".

 

Best regards,

 

Fabian

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...